1. What is it?
--------------------------------------------------------------------------------
LinkedIn.com is a large portal for people who are looking for
a job or for past and present colleagues.

2. Where is the bug?
--------------------------------------------------------------------------------
I found that LinkedIn is vulnerable to persistent cross-site scripting.

A logged-in user is able to add XSS code to this site.

3. PoC
--------------------------------------------------------------------------------
Proof-of-concept code will not be disclosed to the public before it is secured.

* When you are logged in at LinkedIn, choose one person from your contact list
* and go to their profile. In the middle (and on the right side) of the profile page,
* you will see an 'edit tag' form. This is the vulnerable place.
* A malicious user can add a 100-character-long string here to exploit this
* vulnerability, for example:
' > " > < img src=x onerror= alert ( / hi / ) >.
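
A defensive sketch of the fix for the issue described above, added here as an example and not code from LinkedIn or from the original advisory: the stored tag value is HTML-encoded on output, including both quote characters that the prefix of the sample string relies on. The template, the function names and the allow-list are assumptions.

```javascript
// Added example: encode a stored "tag" value before writing it into HTML.
// The markup below is a hypothetical template, not LinkedIn's real page.

const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;", // both quote styles: the sample string starts with ' and "
};

// Encode every character that can end an attribute value or open a tag.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Before: the stored value reaches the attribute and the element body as-is,
// so quotes and angle brackets in it become part of the page markup.
function renderTagUnsafe(tag) {
  return `<a class="tag" title='${tag}'>${tag}</a>`;
}

// After: the same template with the value encoded at output time.
function renderTagSafe(tag) {
  const safe = escapeHtml(tag);
  return `<a class="tag" title='${safe}'>${safe}</a>`;
}

// Defence in depth on input (assumed policy): keep the 100-character limit
// the advisory mentions and allow only letters, digits, space, _ . and -
function isAcceptableTag(tag) {
  return (
    typeof tag === "string" &&
    tag.length <= 100 &&
    /^[\p{L}\p{N} _.-]+$/u.test(tag)
  );
}

// Sample value copied exactly as it appears on this page.
const sample = `' > " > < img src=x onerror= alert ( / hi / ) >`;

console.log(renderTagSafe(sample));
console.log(isAcceptableTag(sample), isAcceptableTag("former colleague"));
```

Output encoding is the primary control; the input allow-list only narrows what can be stored and does not replace it.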